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(54) Title of the Invention: 

Attacker Traceback Method Using Session Information Management Based on Code 
Mobility 

Abstract: 

The present invention is an attacker trace back method for identifying the host in 
which a hacker is actually residing by tracing the hacker's connection when detecting the 
hacker's direct attack on the host. The prior art was able to protect the domain in which 
the host was located but was not able to identify the attacker. Therefore the attacker was 
able to launch a second or third attack on the same host via a host connected to a network 
that is different from the network that the attacker used in previous attacks. In this case 
the domain in which the certain host belongs to cannot take any measures against the 
attacks. Using a session information management system that applies code mobility the 
present invention traces the locations of the attackers that launch a cyber attack via other 
hosts on the Internet. Thus, a more effective, active network security is realized. 



Tracing the location of the attacker and taking adequate measures against the attacker can 
prevent a second or third attack by the same attacker. 
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eJ6)a!0||/H Oil XI BI^E)2J ois» sas# 












U|eo| B(globa | network) xf^OllAi m% QI0IEIU AI^S, Aidl^SJ oH^(hacking)0ll CHSK* 018 ^6PI . 




Oil 5^ 330ICK SeHOIIfe SgJOII CH» £3§S°J Dl^SHf 1^01 a^OhCf Cf§}| CH S OIL 6H5H2J 




^S2§ g*!tt 4^0 


II SICK ^ol. oH5HJI- X^aioj (Pdnternet Protocol) ^« ^01Ai ggjjjj 3^0jfe M^^OIJAi «2! 





S 6H5HM ^^6^ B^feSHVS X^Ajoj IP ^Oj L«M«a« 3£r6HAi AhOI tH ^ 0j|^, AHdl^M 0>d|AI 

9|fc Aidl^¥^(Denial Of Service : DOS) §i »tt 3^ SH^r ^XHBhfe LilMSIHHI 9IXIB ^6h£H| »Q. [BEf/H. ^3 

«xH 5° ^SOIIAI. ^LH2J oH^^¥E-| A^OIW 3 3*01! SI m .2 S-OWW^JJi^l OHSOII-f aS8Hl ^^J^ 2J£iyi^Se fi§ 

ar 4= ao. 

SE1 

SAilAI 

£ 1^ S ^SOII life 2JH^!0ilAi Oil XI SI^EIBI 0|g°h S^Xf « ^SI ^Alo^l 9\& Ul^?-J3 

£ 2^ S ^SOll afS oi EH ^ Oil AH Oil XI SI^EHSJ ^ZISSM Olgef ^^Xf ^ ^ ^ ^AIOIIS Eh^ll^S UEItil ^Ai£, 

£ 3^ EE 1 Oil £A|& 0IIXI df^EiOilAi 3|^5>izr flH^^32j ^^Oll 0l§£l^ IP GIIOIEiB^e UEftH £2. 

101 : 102. 103. 104, 105, 106 : Oil XI E}^B 

107 : 108 : SSBXI Al^gj 
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109, 110, 111 : aaiAittj 

S £I6l^(internet)0il/H Oil XI af^EUedge router)*! ^3§S(log information)M Olgej- g^Xh « ^SOII a§h >|o^ oi 

B^l &3°J SSS (global network) xh^i Oil AH QIOIEiU Al^gJ, Aldl^SI (hacking) Oil CHoKM OIS ^™olD\ ^X\ 

eauoiife £i¥ uiM?-ia^¥£i m§?a^^ sa*» aaoii a ska ^^^(host) ^oiiAi gnsai &a:>* oi^chi oi« 

»*ISK>I 6H5H (hacker) °i S^M *2J8lSCh 

nam, saou at* ^nsssj ^i^^e^i- §*ioi s^Mma a^Ji mi e oil. oH^bj 4*woii atci. shsh 

J I- XF<M£i iPdnternet Protocol) ^0}A1 2fe ^^Oilfe ilL^OilAi «Z! ^3§S°J°^ ^Slfe 21 S M^^BfCf. 

S ^SS Ss£. f ^XHISM oH^o^l ¥imO| 2!°^. asH U|eo| 3 ^goilAt 2|2voj LHIM?-IB2J CHI XI a| ^ EH Oil AH LH^S g^6fb 2 

g hh^oii ch» ^nsss m^shs^ oun g^xw ip ggoii ajiaoi sh& hh^oii chs!- « ^^5^1 sib sjei^oii/h chixi ai 

^EH2| 0|g°[ g^XI- « ^ S^i XjlSS^br Gil 3 =^01 SID. 

0121 <M£olD\ & »8S. Cr^°J &CU UIM^IBSf ^M&j^o^ 2^6rbr E|^2J Oil XI EI^EH, El^°j s^M, ^aiAjtH, 

^EJ^Xr AI^De ^dle! CI^2J L1|so| a ^ Ol^OiXIfe g£J Al^gjOII SiCHAi, LH^°j ^§ CHI XI af^EH^ 2J¥ UI^?-IBS¥Ei Ui¥ Lil 

m?-ibs eon^br wziou mm ^i^s^ xji 1 e+^i; ^ m¥2i ssirxi ai^q^ei shuoi ijxisibr lh¥ oiixi ai^ei^i 

^□§SI fctt&HS 5H5H21 ?|XIB ^ ^2|8lte XII 2 Eh2IM S^§fb 51M »CK 

Elgg ^SOil OEfE °!EH£!0i|AH OIIXI SI^EISI 0|ge[ 5^X^ « ^Si ^Alo^l ^iel UIM?-IB ^?^5E^, 011X1 E|^EH(10 

2, 103)011 2J6H g^XI- ojEiaa 21B^1 Ajbl^: A^XF °>^0I 3132 OilXI a[^Ei(105, 106)011 Si 5H UEJXf ^ eiEiyi^ filEIS! Ajdl^ 

A^xf yoi ^itjt^ ^sa. ^^i s'^jxh eiEiyi, eiEH^i ahoi^ msxi- ^ ^ g^xh eiayioiife s^xn ^^s^i eh ^ 

ai AH tH(1 09, 110, 11 1)^ 2r^| ^XH^Cf. SES. ^>0| S°JX^ S!Ha, eiEi^l Aitil^ AhSX^ ^ ^ 3 EH ^ Oil ^ ^ S 

°! S&'gXI AI^H (Intrusion Oetection System : IDS)0I ^P^SOH £ lOllfe S gsj ^ ^ CHI H S§h ^ SEJg 

XI AI^HE!- SAI^Qf. 

S £2011 S^CHAi, 2J¥°I oH3H^ X\£l°] s^M(1 01 ) Oil Ai IP ^01 X^oj o]|x| df^EH(102)2f ISP SE Oil ^(Internet Service Provid 

er domain)(ojEHyi Aidl^ M<£X[ »)2| Oil XI a^EH(103, 105)8 ^. HEJ £Oiiei(ij^Xf 2JEI^)2| OilXI af^EH(106)M §6H § 

^M(107)S g^^EK 0| HI § Oil AH ^ 5E0i|O]2J OIIXI a^ EH (103, 106)^ 2J¥ E0iiei^^¥EH Saofb HH^OIl CH&h ^HSai ^|^°h 

a. 

^j^^XI A|^^(108)g £J\ ^X\9\ il^'f ^X|^ 3^ SEiSSM ^aiAjdH(109)Oil^il SH^EK 

^aiAitH(109)^ H Sir XI A|^ii(108)o^«EH USSSi S^^O^ OIIXI a}^Ei(106)2J dh^o^ aH3H^h ?ixl^ g^AI- £CH|oi 

HJ s^^(101)» ^»>CK 

£ 2^ S ^SOII CT>^ 3 EH y| CHI AH OilXI ei^EHHJ 0|g§^ g^XF ^ ^goj ^ ^ AI04IB B^ll^^ UEItH £Ai£0|CK 

21XH, Ui^HJ ij°J^XI A|^gj(108)S S^XP^ ^^^(107)S 3^ ^X\9\ ^Xla^CKB^I 201). 

LH¥^J SEJirXI A|^S(108)^ Ui¥ LHI^?H32J ^aiAiW(1 09)0!l 7t S^X\9\ SJ^J A^M S^CKE+31 202). 

Ui^HJ ^aiA1di(109)^ Ui¥ UI^?-J32J 2^ OIIXI ar^EH (1 06)0il^il Ui^ LHIM?-I3£| ij^j^XI A|^^j(108)o^«EH S^XF IIH^ 

^^oii amoit: sasxi ^n^^e aaecKaai 203). 

Ui¥°l ^aiAHtH(109)^ S£j ^^Ol W&WL=X\ 0\^M Ui^SI CHI XI a^EH(106)S mm &eehCK&^l 204). 

LH^oj HaiA1bH(109)^ El^I 2042] e&.^^. SEJ S^0| ^2£J^ 2i¥ LHI^?-JB^^EH 2| eE+6^01 SjgJ @^0il CliiSfb E| UIM 

?-ibsj ^aiAHdid 10)001 xf<MO| aa ai-cHi chixi a^Eid03, 104, io5)oii^ii ^n^^e ©sen e aaeotB^ii 205). ye, lh^ 

SJ ^aiAibH(109)^ E+^l 2043 &E+ ^J^ ^^01 ^2£|X| LH¥ Ul M?-l BOil M 2| §^25 eB3^0j Ui¥ LHI^?^B0il 6H^^F ^XH 

5^ &EhthCKE^I 208). 

ei aa/HtH(iio)fe »aa a a won oiixi af^EHdo3, 104, 105)011^1 fiseao^ii 206). 

El U|eo| 3 ^oj oilXI af^EH(103. 104, ]05)D\ §2J B^\m ^2SJl^XI 04¥M ee^CKE+^ll 207). 

Ef UIM?HB aai S^EI OilXI ei¥EH(103, 104, ]Q5)J\ SEJ l^ofb £ D§ LHIM9I BS " S'^OI^I [EH ^ Oil. ^>0| 

205^ EH El^I 207^X1 ^iJSrbr g^XI- a^^(101)S CCH^rXI SISOI^D. ^2, El UI^?IB aai 6^21 CHIXI ai^EH(103, 1 

04, 105)^ ^33^ XI %ol±z El LHIM?-IB0i!Ai2j SS£g eBofOI El UI^?H30il o\\m\ ^XHSIfe eB^CI(E^I 20 

8). 
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£ 3^ E 1011 £AI3 011X1 EI¥EH0ilAi Ul^Slfe MZl^n°\ m^0\\ 0|g£|{=r IP Q|0|EH3^M UEiyj ESOICK 

§ £S(HI &OHA1, IP ^^(source IP address)(301 ), ^t:^ IP ^^(destination IP address)(302), H^SM(protocol) ^ Mti\± EIS(serv 
ice type)OI HH^BOII SSfSCf. ^USSOll^ fe^lSJ LHI ?IX| BH^OI ^CH2 CHI XI EI^EHS] S^ 2J EH MO\M input interface) « Oil XI 

ei^ehm gj»» ai zj-oi mm 

OIWOH WS(version), 8IICH 1JOI (header length), # SOKtotal length), ^XI(identification). M^(flags), H EMUS Ell 0I£ £H3!(fragmentat 
ion offset). EI£J ¥ £IH(time to live). 8IICH *II3£ (header checksum) ^ (option) S2I m^0\ EH SACK 

as sn^g ^eh^ ^ urn ohxhioii Jim&n, i^ehoii 2imo\ ^^\m ^ &ci. 

S oH^l^h Xh^oj |p ^Oi WdH L|IM?-IHM S^SHAi AFOI tH MS, Aidl^M DldlAOIfe M ¥5^ (Denial Of Service 

: DOS) mm mm 3? SH^I ^XHolfe UIM?4B2| ?|XlS ^2|o|5E^ eh El. llEfAi, ^§ 2IS0IU §¥ ¥xH ^£ ^31 x^OilAi, ^LU£] 5H 
3H^¥Ei AlOltti S^OII sHI^H^ QH^imr 4= »3| OH SOU. ^26U <M£J£ oi^ £JEH^3M S§i 4 Si LI. 

(57) 

Ll^2i i k CH UIM9-IB2I tfS|2|0£ ^ S^SIfe L|^2j CHI XI EI^EH, LI 4^ 21 sr^M, ^ElAltH, SSUXI Al^Se ?b|& CI4*S| UIM 
¥IBS OI^OHXI^ g<M Al^gjOII SlOHAi, 

LH¥ UI = ?-IB£| U£mXI Al^iJOl S^X|3| US §3*1? 3^ §^X|2j USg UXIo|£r XJI 1 BM: 

U|« Ul^?43£| §J£J^X| AI^SOI Ui¥ UIMSIB2I ^ai bHCHI^I §^£| §oj MMm o^ dj - j,| 2 

£>OI Ui¥ U|eo| a oj ^aiAibH^I- LH^ LHM<SB2| 2 = QIIXl EI^EHOOI &D\ LH¥ UI^BSj SHBXI A|^^o^« Q £2*xh HH 

CHg6l£z SI 81 ft XI ^Zt^^e IJSJSIfe HI 3 B3I; 

£M LH¥ L||M?-IBS| ^E|AHtH}| 881 ^^01 ^SSSifeXI &D\ LH¥ UIM?-IB2| CHI XI df^EHM SoH «l 4 B^l; 

&D\ L4I¥ U|eo| a oj ^aiAitH^I- ^71 li\ 4 B^1I2| ^21. §^0| 2i¥ U|EO| BS¥Ei o| gojog &Er8K>1 S'S ^^011 

CH^ofe Ef Uie^iasi AlfcHCHI^I X^£l o^Oil SUzz CHI XI dh^EHOlM! ^nm^m fi§5H ^ 2)S|5^ M 5 Eh^ll: 

fi*3| El UIM90SI AibH^h X r 612| ^dl 8^0)1 Zltt CHI XI 2|¥EI0IMI fi§5fb XII 6 

^^1 El Hie^isoj 5f oj on x| 5l¥Ei^h US ^2xH^X| 01¥M &B5fe XII 7 B^l; 

^Ol 'El U|e^|B ^El 3\9\ 011X1 Ef^EOf US °^2Sfb SE OB 2i¥ UI^^-IBS¥E|2| SgjOPI ECH^OII, £>0| HI 5 B^I¥E1 ^ 

d\ m 7 e^i^xi ^^offe i§§ ^^xh s^^a 5re ch^xi eimois^ m e e^ie s^a^ eiEHyioiiAi oiixi ef^eh^i s^ssi oi§ 

XII 1 &0II 2ACH Ai . ^Ol LH¥ UIM^jBSJ ^ElAitHPI ^Ol HI 4 BMI2I &B US ^^01 ttaail St^S Ui¥ UIM?-IB0ll MS\ 

e&6hOI LH¥ UIM¥-IB0ll eH5H SJHS^ 52£ BBofb B3IS EH 5^6^ 51 M ^S^S ofe 2J EH ^ CHI AH CHI XI Ef^EH£J ^DSSl 01 
g^XI ^ ^ »B. 

S?S3. 

HI 1 &0I1 21 OH AH, ^Ol El Ul§?a ^El 512) 011X1 EI^EH^I US B^m ^2o|X| ^ofb 3? El UIM?-I B0II Ai §gj£S BBSIOl ^ 
D\ El LIIM9-IB0II 6H5H ^1 EXHol^ e^olb CH Stroll 3*m 61^ 2J EH ^ Oil AH 011X1 Ef- ^ EH 2] 01 gel- 

XI « ^g. 

U^&4. 

HI 1 m UiXI HI 3 9* e ^Oi£ CH^ er &0|| SiOHAi, 2J¥ LH|M?-IB^¥EH LH¥ UI^?-I3S S^olfe HH^Oil CH°f §2oi 

^S2S olfe oJEH^Oil Ai OIIXI El ¥ EH El 0|g§^ g^Xl « ^Sj ^g. 

hi 1 u uixi hi 3mm ^oit oii= °i- &011 siOHAi, ^01 snssb ip ip ah oi ^ eis. m^io\ mo\¥ El^ 

EH EJ S^ eJEHHilOl^ ^! OIIXI EI^EHS Bltm M&m SSSI^ 3# olfe ojEH^IOHAi CHI XI EI^EH2j 0IS& S^XI « 

r5fc tJV tH 



£3 
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